How to Delete Expired Access Tokens

I have an OAuth workflow working which generates access tokens that expire after 1 hour. I'm building short games that shouldn't extend past that hour so I felt like it would be ok to not use refresh tokens and instead just let those tokens expire. After lots of testing I noticed that Access Tokens were pilling up in my test instance, creating a long list of them in the Settings menu where they're displayed. While I know this isn't necessarily a problem for the average user since they never go into that section anyway, it seems weird to me that even the access tokens that expired still where listed in that area. Shouldn't they disappear? Is my custom Canvas instance not set up correctly or something?

Christopher, welcome! Due to the nature of this question I'm going to share this with the Canvas Developers group in the Community to see if they can help. They are the ones that manage a lot of back-end Canvas relate things like this and should be able to help!

I haven't tried it on an expired token. For this case, it might be that you need to store the refresh token so you can update the access token and then use the token to delete itself. Let us know if you try it out.

Just tried the DELETE on an expired token, and as expected you cannot delete it.

So you need to either store the refresh token and do a refresh then delete, or if you are keeping track of expiry times you could delete the token just before it expires. Or if the users do something at the end of the games you could have that call the delete.

Were you able to find an answer to your question? I am going to go ahead and mark this question as answered because there hasn't been any more activity in a while so I assume that you have the information that you need. If you still have a question about this or if you have information that you would like to share with the community, by all means, please do come back and leave a comment. Also, if this question has been answered by one of the previous replies, please feel free to mark that answer as correct.